The work produced by SANS and Qualys stands out as some of the best data produced on the state of the security risks that, in most cases, we allow ourselves to be exposed to. More on the data shortly. Just to clarify the statement “we allow ourselves to be exposed to”: it is what it is. Organisations persist with doing the following:

I just read the “Special Issue: Security – How to protect corporate assets in a dangerous world”.

CW Australia, are you serious? What a load of nothing! A bunch of republished stories from the US and crap ones to begin with! Why?

You have guys like Darren Pauli and co. putting out some good stuff here in Australia, yet you publish rubbish from the US. (CW US publishes some good things but you dredged the bottom of the barrel for this issue).

As reported by Patrick Gray in the SMH, this is a big one. Presented at Kiwicon, it does impact a lot of people/businesses. I won’t go into details either at present (I wasn’t there anyway) but you’ll no doubt get the info soon (if you haven’t already through your own sources).

With announcements such as this one in Computerworld and ZDNet Australia, I wonder how much we have progressed. An old story from the mid 90s is interesting reading today; from Wired (circa 1994).

Since then, a score of ideas and businesses have come and gone. The dot-com bust probably did not help most, but flawed business models did not help either. PayPal must stand out for how it has entrenched itself and looks like being around for a while, but who else apart from the traditional guys (Visa, Mastercard, Amex etc.) is really competing and has the potential to be a major player? (Even these established players have had quite a few “ideas” that just went nowhere.)

The principles remain the same – pay someone for a product or service. In turn, accept money for a product or service. Did some of the start-up failures overly complicate this basic principle? On the flipside, a new standard/market leader could relatively easily oversimplify the process and from a security perspective, further open up a raft of security issues to endanger economies and open up new opportunities for financial and cybercrime. Not that there’s not enough of this already.

Kiwicon, New Zealand’s first hacker conference, took place in Wellington last weekend. It was conducted to a world-class standard, with great speakers and smooth running from start to finish – our thanks go out to the organisers for all their efforts.

There were many familiar names, including Peter Gutmann, Brett Moore, and Adam ‘Metlstorm’ Boileau, as well as many first-time speakers who were warmly welcomed to the scene.

There were several presentations highlighting the effectiveness of old-school techniques against modern infrastructure, as well as introducing new techniques that are effective against legacy infrastructure.

This has to rate as the stupidest thing I have read in terms of a government’s (or potential government’s) approach to our industry… and I thought my last post on this had some of the dumbest stuff I have seen! Here’s the gist of this one:

“Tom Wood, the 16-year-old schoolboy who circumvented the Government’s $84 million internet filter scheme, has been enlisted by Labor to draft a sizeable chunk of its cyber safety policy.”

Good luck to the kid. He’s a star now.

Just when you think you’ve seen the dumbest shit you could, something always tops it!

If you’ve read BorB for a while, you know my thoughts on security surveys. I’d put the Beast or Buddha polls up against most of these surveys for relevance and informational value most times.

So another has now been announced. See this Computerworld Australia story. Ten questions, like most surveys, very subjective, and final results providing what real-world value? Look, I do in a way congratulate anyone raising awareness of security issues, but let’s try not to lose focus on the issues and the root cause of the problems we have. Just read the previous interview with MjR and map that against the survey questions and objectives. See my point? Anything new we’ll learn?

Not sure what the following quote from the story was based upon?!?!

“The risk is to remain vigilant and to not become complacent,” Warrilow said, adding the success of denial-of-service attacks and/or unauthorized penetration appears low.

Does “vendor hype” actually reflect what is going on out there? Come on!

Anyway, I’ve given it some publicity, have a look for yourselves and become part of the statistics.